kynjal-cli 4.0.0 → 4.0.2

package/dist/src/commands/security.js

@@ -4,302 +4,235 @@
  *
  * Created with ❤️ by ruv.io
  */
-var __assign = (this && this.__assign) || function () {
-    __assign = Object.assign || function(t) {
-        for (var s, i = 1, n = arguments.length; i < n; i++) {
-            s = arguments[i];
-            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
-                t[p] = s[p];
-        }
-        return t;
-    };
-    return __assign.apply(this, arguments);
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __generator = (this && this.__generator) || function (thisArg, body) {
-    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
-    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
-    function verb(n) { return function (v) { return step([n, v]); }; }
-    function step(op) {
-        if (f) throw new TypeError("Generator is already executing.");
-        while (_) try {
-            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
-            if (y = 0, t) op = [op[0] & 2, t.value];
-            switch (op[0]) {
-                case 0: case 1: t = op; break;
-                case 4: _.label++; return { value: op[1], done: false };
-                case 5: _.label++; y = op[1]; op = [0]; continue;
-                case 7: op = _.ops.pop(); _.trys.pop(); continue;
-                default:
-                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
-                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
-                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
-                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
-                    if (t[2]) _.ops.pop();
-                    _.trys.pop(); continue;
-            }
-            op = body.call(thisArg, _);
-        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
-        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
-    }
-};
 import { output } from '../output.js';
 // Scan subcommand
-var scanCommand = {
+const scanCommand = {
     name: 'scan',
     description: 'Run security scan on target (code, dependencies, containers)',
     options: [
-        { name: 'target', short: 't', type: 'string', description: 'Target path or URL to scan', "default": '.' },
-        { name: 'depth', short: 'd', type: 'string', description: 'Scan depth: quick, standard, deep', "default": 'standard' },
-        { name: 'type', type: 'string', description: 'Scan type: code, deps, container, all', "default": 'all' },
-        { name: 'output', short: 'o', type: 'string', description: 'Output format: text, json, sarif', "default": 'text' },
+        { name: 'target', short: 't', type: 'string', description: 'Target path or URL to scan', default: '.' },
+        { name: 'depth', short: 'd', type: 'string', description: 'Scan depth: quick, standard, deep', default: 'standard' },
+        { name: 'type', type: 'string', description: 'Scan type: code, deps, container, all', default: 'all' },
+        { name: 'output', short: 'o', type: 'string', description: 'Output format: text, json, sarif', default: 'text' },
         { name: 'fix', short: 'f', type: 'boolean', description: 'Auto-fix vulnerabilities where possible' },
     ],
     examples: [
         { command: 'claude-flow security scan -t ./src', description: 'Scan source directory' },
         { command: 'claude-flow security scan --depth deep --fix', description: 'Deep scan with auto-fix' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var target, depth, scanType, fix, spinner, findings, criticalCount, highCount, mediumCount, lowCount, fs_1, path_1, execSync, packageJsonPath, auditResult, audit, _i, _a, _b, pkg, vuln, sev, title, secretPatterns_1, scanDir_1, scanDepth, codePatterns_1, scanCodeDir_1, scanDepth, fixSpinner, error_1;
-        var _c;
-        return __generator(this, function (_d) {
-            switch (_d.label) {
-                case 0:
-                    target = ctx.flags.target || '.';
-                    depth = ctx.flags.depth || 'standard';
-                    scanType = ctx.flags.type || 'all';
-                    fix = ctx.flags.fix;
-                    output.writeln();
-                    output.writeln(output.bold('Security Scan'));
-                    output.writeln(output.dim('─'.repeat(50)));
-                    spinner = output.createSpinner({ text: "Scanning " + target + "...", spinner: 'dots' });
-                    spinner.start();
-                    findings = [];
-                    criticalCount = 0, highCount = 0, mediumCount = 0, lowCount = 0;
-                    _d.label = 1;
-                case 1:
-                    _d.trys.push([1, 5, , 6]);
-                    return [4 /*yield*/, import('fs')];
-                case 2:
-                    fs_1 = _d.sent();
-                    return [4 /*yield*/, import('path')];
-                case 3:
-                    path_1 = _d.sent();
-                    return [4 /*yield*/, import('child_process')];
-                case 4:
-                    execSync = (_d.sent()).execSync;
-                    // Phase 1: npm audit for dependency vulnerabilities
-                    if (scanType === 'all' || scanType === 'deps') {
-                        spinner.setText('Checking dependencies with npm audit...');
+    action: async (ctx) => {
+        const target = ctx.flags.target || '.';
+        const depth = ctx.flags.depth || 'standard';
+        const scanType = ctx.flags.type || 'all';
+        const fix = ctx.flags.fix;
+        output.writeln();
+        output.writeln(output.bold('Security Scan'));
+        output.writeln(output.dim('─'.repeat(50)));
+        const spinner = output.createSpinner({ text: `Scanning ${target}...`, spinner: 'dots' });
+        spinner.start();
+        const findings = [];
+        let criticalCount = 0, highCount = 0, mediumCount = 0, lowCount = 0;
+        try {
+            const fs = await import('fs');
+            const path = await import('path');
+            const { execSync } = await import('child_process');
+            // Phase 1: npm audit for dependency vulnerabilities
+            if (scanType === 'all' || scanType === 'deps') {
+                spinner.setText('Checking dependencies with npm audit...');
+                try {
+                    const packageJsonPath = path.resolve(target, 'package.json');
+                    if (fs.existsSync(packageJsonPath)) {
+                        const auditResult = execSync('npm audit --json 2>/dev/null || true', {
+                            cwd: path.resolve(target),
+                            encoding: 'utf-8',
+                            maxBuffer: 10 * 1024 * 1024,
+                        });
                         try {
-                            packageJsonPath = path_1.resolve(target, 'package.json');
-                            if (fs_1.existsSync(packageJsonPath)) {
-                                auditResult = execSync('npm audit --json 2>/dev/null || true', {
-                                    cwd: path_1.resolve(target),
-                                    encoding: 'utf-8',
-                                    maxBuffer: 10 * 1024 * 1024
-                                });
-                                try {
-                                    audit = JSON.parse(auditResult);
-                                    if (audit.vulnerabilities) {
-                                        for (_i = 0, _a = Object.entries(audit.vulnerabilities); _i < _a.length; _i++) {
-                                            _b = _a[_i], pkg = _b[0], vuln = _b[1];
-                                            sev = vuln.severity || 'low';
-                                            title = Array.isArray(vuln.via) && ((_c = vuln.via[0]) === null || _c === void 0 ? void 0 : _c.title) ? vuln.via[0].title : 'Vulnerability';
-                                            if (sev === 'critical')
-                                                criticalCount++;
-                                            else if (sev === 'high')
-                                                highCount++;
-                                            else if (sev === 'moderate' || sev === 'medium')
-                                                mediumCount++;
-                                            else
-                                                lowCount++;
-                                            findings.push({
-                                                severity: sev === 'critical' ? output.error('CRITICAL') :
-                                                    sev === 'high' ? output.warning('HIGH') :
-                                                        sev === 'moderate' || sev === 'medium' ? output.warning('MEDIUM') : output.info('LOW'),
-                                                type: 'Dependency CVE',
-                                                location: "package.json:" + pkg,
-                                                description: title.substring(0, 35)
-                                            });
-                                        }
-                                    }
+                            const audit = JSON.parse(auditResult);
+                            if (audit.vulnerabilities) {
+                                for (const [pkg, vuln] of Object.entries(audit.vulnerabilities)) {
+                                    const sev = vuln.severity || 'low';
+                                    const title = Array.isArray(vuln.via) && vuln.via[0]?.title ? vuln.via[0].title : 'Vulnerability';
+                                    if (sev === 'critical')
+                                        criticalCount++;
+                                    else if (sev === 'high')
+                                        highCount++;
+                                    else if (sev === 'moderate' || sev === 'medium')
+                                        mediumCount++;
+                                    else
+                                        lowCount++;
+                                    findings.push({
+                                        severity: sev === 'critical' ? output.error('CRITICAL') :
+                                            sev === 'high' ? output.warning('HIGH') :
+                                                sev === 'moderate' || sev === 'medium' ? output.warning('MEDIUM') : output.info('LOW'),
+                                        type: 'Dependency CVE',
+                                        location: `package.json:${pkg}`,
+                                        description: title.substring(0, 35),
+                                    });
                                 }
-                                catch ( /* JSON parse failed, no vulns */_e) { /* JSON parse failed, no vulns */ }
                             }
                         }
-                        catch ( /* npm audit failed */_f) { /* npm audit failed */ }
+                        catch { /* JSON parse failed, no vulns */ }
                     }
-                    // Phase 2: Scan for hardcoded secrets
-                    if (scanType === 'all' || scanType === 'code') {
-                        spinner.setText('Scanning for hardcoded secrets...');
-                        secretPatterns_1 = [
-                            { pattern: /['"](?:sk-|sk_live_|sk_test_)[a-zA-Z0-9]{20,}['"]/g, type: 'API Key (Stripe/OpenAI)' },
-                            { pattern: /['"]AKIA[A-Z0-9]{16}['"]/g, type: 'AWS Access Key' },
-                            { pattern: /['"]ghp_[a-zA-Z0-9]{36}['"]/g, type: 'GitHub Token' },
-                            { pattern: /['"]xox[baprs]-[a-zA-Z0-9-]+['"]/g, type: 'Slack Token' },
-                            { pattern: /password\s*[:=]\s*['"][^'"]{8,}['"]/gi, type: 'Hardcoded Password' },
-                        ];
-                        scanDir_1 = function (dir, depthLimit) {
-                            if (depthLimit <= 0)
-                                return;
-                            try {
-                                var entries = fs_1.readdirSync(dir, { withFileTypes: true });
-                                for (var _i = 0, entries_1 = entries; _i < entries_1.length; _i++) {
-                                    var entry = entries_1[_i];
-                                    if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist')
-                                        continue;
-                                    var fullPath = path_1.join(dir, entry.name);
-                                    if (entry.isDirectory()) {
-                                        scanDir_1(fullPath, depthLimit - 1);
-                                    }
-                                    else if (entry.isFile() && /\.(ts|js|json|env|yml|yaml)$/.test(entry.name) && !entry.name.endsWith('.d.ts')) {
-                                        try {
-                                            var content = fs_1.readFileSync(fullPath, 'utf-8');
-                                            var lines = content.split('\n');
-                                            for (var i = 0; i < lines.length; i++) {
-                                                for (var _a = 0, secretPatterns_2 = secretPatterns_1; _a < secretPatterns_2.length; _a++) {
-                                                    var _b = secretPatterns_2[_a], pattern = _b.pattern, type = _b.type;
-                                                    if (pattern.test(lines[i])) {
-                                                        highCount++;
-                                                        findings.push({
-                                                            severity: output.warning('HIGH'),
-                                                            type: 'Hardcoded Secret',
-                                                            location: path_1.relative(target, fullPath) + ":" + (i + 1),
-                                                            description: type
-                                                        });
-                                                        pattern.lastIndex = 0;
-                                                    }
-                                                }
+                }
+                catch { /* npm audit failed */ }
+            }
+            // Phase 2: Scan for hardcoded secrets
+            if (scanType === 'all' || scanType === 'code') {
+                spinner.setText('Scanning for hardcoded secrets...');
+                const secretPatterns = [
+                    { pattern: /['"](?:sk-|sk_live_|sk_test_)[a-zA-Z0-9]{20,}['"]/g, type: 'API Key (Stripe/OpenAI)' },
+                    { pattern: /['"]AKIA[A-Z0-9]{16}['"]/g, type: 'AWS Access Key' },
+                    { pattern: /['"]ghp_[a-zA-Z0-9]{36}['"]/g, type: 'GitHub Token' },
+                    { pattern: /['"]xox[baprs]-[a-zA-Z0-9-]+['"]/g, type: 'Slack Token' },
+                    { pattern: /password\s*[:=]\s*['"][^'"]{8,}['"]/gi, type: 'Hardcoded Password' },
+                ];
+                const scanDir = (dir, depthLimit) => {
+                    if (depthLimit <= 0)
+                        return;
+                    try {
+                        const entries = fs.readdirSync(dir, { withFileTypes: true });
+                        for (const entry of entries) {
+                            if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist')
+                                continue;
+                            const fullPath = path.join(dir, entry.name);
+                            if (entry.isDirectory()) {
+                                scanDir(fullPath, depthLimit - 1);
+                            }
+                            else if (entry.isFile() && /\.(ts|js|json|env|yml|yaml)$/.test(entry.name) && !entry.name.endsWith('.d.ts')) {
+                                try {
+                                    const content = fs.readFileSync(fullPath, 'utf-8');
+                                    const lines = content.split('\n');
+                                    for (let i = 0; i < lines.length; i++) {
+                                        for (const { pattern, type } of secretPatterns) {
+                                            if (pattern.test(lines[i])) {
+                                                highCount++;
+                                                findings.push({
+                                                    severity: output.warning('HIGH'),
+                                                    type: 'Hardcoded Secret',
+                                                    location: `${path.relative(target, fullPath)}:${i + 1}`,
+                                                    description: type,
+                                                });
+                                                pattern.lastIndex = 0;
                                             }
                                         }
-                                        catch ( /* file read error */_c) { /* file read error */ }
                                     }
                                 }
+                                catch { /* file read error */ }
                             }
-                            catch ( /* dir read error */_d) { /* dir read error */ }
-                        };
-                        scanDepth = depth === 'deep' ? 10 : depth === 'standard' ? 5 : 3;
-                        scanDir_1(path_1.resolve(target), scanDepth);
+                        }
                     }
-                    // Phase 3: Check for common security issues in code
-                    if ((scanType === 'all' || scanType === 'code') && depth !== 'quick') {
-                        spinner.setText('Analyzing code patterns...');
-                        codePatterns_1 = [
-                            { pattern: /eval\s*\(/g, type: 'Eval Usage', severity: 'medium', desc: 'eval() can execute arbitrary code' },
-                            { pattern: /innerHTML\s*=/g, type: 'innerHTML', severity: 'medium', desc: 'XSS risk with innerHTML' },
-                            { pattern: /dangerouslySetInnerHTML/g, type: 'React XSS', severity: 'medium', desc: 'React XSS risk' },
-                            { pattern: /child_process.*exec[^S]/g, type: 'Command Injection', severity: 'high', desc: 'Possible command injection' },
-                            { pattern: /\$\{.*\}.*sql|sql.*\$\{/gi, type: 'SQL Injection', severity: 'high', desc: 'Possible SQL injection' },
-                        ];
-                        scanCodeDir_1 = function (dir, depthLimit) {
-                            if (depthLimit <= 0)
-                                return;
-                            try {
-                                var entries = fs_1.readdirSync(dir, { withFileTypes: true });
-                                for (var _i = 0, entries_2 = entries; _i < entries_2.length; _i++) {
-                                    var entry = entries_2[_i];
-                                    if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist')
-                                        continue;
-                                    var fullPath = path_1.join(dir, entry.name);
-                                    if (entry.isDirectory()) {
-                                        scanCodeDir_1(fullPath, depthLimit - 1);
-                                    }
-                                    else if (entry.isFile() && /\.(ts|js|tsx|jsx)$/.test(entry.name) && !entry.name.endsWith('.d.ts')) {
-                                        try {
-                                            var content = fs_1.readFileSync(fullPath, 'utf-8');
-                                            var lines = content.split('\n');
-                                            for (var i = 0; i < lines.length; i++) {
-                                                for (var _a = 0, codePatterns_2 = codePatterns_1; _a < codePatterns_2.length; _a++) {
-                                                    var _b = codePatterns_2[_a], pattern = _b.pattern, type = _b.type, severity = _b.severity, desc = _b.desc;
-                                                    if (pattern.test(lines[i])) {
-                                                        if (severity === 'high')
-                                                            highCount++;
-                                                        else
-                                                            mediumCount++;
-                                                        findings.push({
-                                                            severity: severity === 'high' ? output.warning('HIGH') : output.warning('MEDIUM'),
-                                                            type: type,
-                                                            location: path_1.relative(target, fullPath) + ":" + (i + 1),
-                                                            description: desc
-                                                        });
-                                                        pattern.lastIndex = 0;
-                                                    }
-                                                }
+                    catch { /* dir read error */ }
+                };
+                const scanDepth = depth === 'deep' ? 10 : depth === 'standard' ? 5 : 3;
+                scanDir(path.resolve(target), scanDepth);
+            }
+            // Phase 3: Check for common security issues in code
+            if ((scanType === 'all' || scanType === 'code') && depth !== 'quick') {
+                spinner.setText('Analyzing code patterns...');
+                const codePatterns = [
+                    { pattern: /eval\s*\(/g, type: 'Eval Usage', severity: 'medium', desc: 'eval() can execute arbitrary code' },
+                    { pattern: /innerHTML\s*=/g, type: 'innerHTML', severity: 'medium', desc: 'XSS risk with innerHTML' },
+                    { pattern: /dangerouslySetInnerHTML/g, type: 'React XSS', severity: 'medium', desc: 'React XSS risk' },
+                    { pattern: /child_process.*exec[^S]/g, type: 'Command Injection', severity: 'high', desc: 'Possible command injection' },
+                    { pattern: /\$\{.*\}.*sql|sql.*\$\{/gi, type: 'SQL Injection', severity: 'high', desc: 'Possible SQL injection' },
+                ];
+                const scanCodeDir = (dir, depthLimit) => {
+                    if (depthLimit <= 0)
+                        return;
+                    try {
+                        const entries = fs.readdirSync(dir, { withFileTypes: true });
+                        for (const entry of entries) {
+                            if (entry.name.startsWith('.') || entry.name === 'node_modules' || entry.name === 'dist')
+                                continue;
+                            const fullPath = path.join(dir, entry.name);
+                            if (entry.isDirectory()) {
+                                scanCodeDir(fullPath, depthLimit - 1);
+                            }
+                            else if (entry.isFile() && /\.(ts|js|tsx|jsx)$/.test(entry.name) && !entry.name.endsWith('.d.ts')) {
+                                try {
+                                    const content = fs.readFileSync(fullPath, 'utf-8');
+                                    const lines = content.split('\n');
+                                    for (let i = 0; i < lines.length; i++) {
+                                        for (const { pattern, type, severity, desc } of codePatterns) {
+                                            if (pattern.test(lines[i])) {
+                                                if (severity === 'high')
+                                                    highCount++;
+                                                else
+                                                    mediumCount++;
+                                                findings.push({
+                                                    severity: severity === 'high' ? output.warning('HIGH') : output.warning('MEDIUM'),
+                                                    type,
+                                                    location: `${path.relative(target, fullPath)}:${i + 1}`,
+                                                    description: desc,
+                                                });
+                                                pattern.lastIndex = 0;
                                             }
                                         }
-                                        catch ( /* file read error */_c) { /* file read error */ }
                                     }
                                 }
+                                catch { /* file read error */ }
                             }
-                            catch ( /* dir read error */_d) { /* dir read error */ }
-                        };
-                        scanDepth = depth === 'deep' ? 10 : 5;
-                        scanCodeDir_1(path_1.resolve(target), scanDepth);
-                    }
-                    spinner.succeed('Scan complete');
-                    // Display results
-                    output.writeln();
-                    if (findings.length > 0) {
-                        output.printTable({
-                            columns: [
-                                { key: 'severity', header: 'Severity', width: 12 },
-                                { key: 'type', header: 'Type', width: 18 },
-                                { key: 'location', header: 'Location', width: 25 },
-                                { key: 'description', header: 'Description', width: 35 },
-                            ],
-                            data: findings.slice(0, 20)
-                        });
-                        if (findings.length > 20) {
-                            output.writeln(output.dim("... and " + (findings.length - 20) + " more issues"));
-                        }
-                    }
-                    else {
-                        output.writeln(output.success('No security issues found!'));
-                    }
-                    output.writeln();
-                    output.printBox([
-                        "Target: " + target,
-                        "Depth: " + depth,
-                        "Type: " + scanType,
-                        "",
-                        "Critical: " + criticalCount + "  High: " + highCount + "  Medium: " + mediumCount + "  Low: " + lowCount,
-                        "Total Issues: " + findings.length,
-                    ].join('\n'), 'Scan Summary');
-                    // Auto-fix if requested
-                    if (fix && criticalCount + highCount > 0) {
-                        output.writeln();
-                        fixSpinner = output.createSpinner({ text: 'Attempting to fix vulnerabilities...', spinner: 'dots' });
-                        fixSpinner.start();
-                        try {
-                            execSync('npm audit fix 2>/dev/null || true', { cwd: path_1.resolve(target), encoding: 'utf-8' });
-                            fixSpinner.succeed('Applied available fixes (run scan again to verify)');
-                        }
-                        catch (_g) {
-                            fixSpinner.fail('Some fixes could not be applied automatically');
                         }
                     }
-                    return [2 /*return*/, { success: findings.length === 0 || (criticalCount === 0 && highCount === 0) }];
-                case 5:
-                    error_1 = _d.sent();
-                    spinner.fail('Scan failed');
-                    output.printError("Error: " + error_1);
-                    return [2 /*return*/, { success: false }];
-                case 6: return [2 /*return*/];
+                    catch { /* dir read error */ }
+                };
+                const scanDepth = depth === 'deep' ? 10 : 5;
+                scanCodeDir(path.resolve(target), scanDepth);
             }
-        });
-    }); }
+            spinner.succeed('Scan complete');
+            // Display results
+            output.writeln();
+            if (findings.length > 0) {
+                output.printTable({
+                    columns: [
+                        { key: 'severity', header: 'Severity', width: 12 },
+                        { key: 'type', header: 'Type', width: 18 },
+                        { key: 'location', header: 'Location', width: 25 },
+                        { key: 'description', header: 'Description', width: 35 },
+                    ],
+                    data: findings.slice(0, 20), // Show first 20
+                });
+                if (findings.length > 20) {
+                    output.writeln(output.dim(`... and ${findings.length - 20} more issues`));
+                }
+            }
+            else {
+                output.writeln(output.success('No security issues found!'));
+            }
+            output.writeln();
+            output.printBox([
+                `Target: ${target}`,
+                `Depth: ${depth}`,
+                `Type: ${scanType}`,
+                ``,
+                `Critical: ${criticalCount}  High: ${highCount}  Medium: ${mediumCount}  Low: ${lowCount}`,
+                `Total Issues: ${findings.length}`,
+            ].join('\n'), 'Scan Summary');
+            // Auto-fix if requested
+            if (fix && criticalCount + highCount > 0) {
+                output.writeln();
+                const fixSpinner = output.createSpinner({ text: 'Attempting to fix vulnerabilities...', spinner: 'dots' });
+                fixSpinner.start();
+                try {
+                    execSync('npm audit fix 2>/dev/null || true', { cwd: path.resolve(target), encoding: 'utf-8' });
+                    fixSpinner.succeed('Applied available fixes (run scan again to verify)');
+                }
+                catch {
+                    fixSpinner.fail('Some fixes could not be applied automatically');
+                }
+            }
+            return { success: findings.length === 0 || (criticalCount === 0 && highCount === 0) };
+        }
+        catch (error) {
+            spinner.fail('Scan failed');
+            output.printError(`Error: ${error}`);
+            return { success: false };
+        }
+    },
 };
 // CVE subcommand
-var cveCommand = {
+const cveCommand = {
     name: 'cve',
     description: 'Check and manage CVE vulnerabilities',
     options: [
@@ -311,389 +244,335 @@ var cveCommand = {
         { command: 'claude-flow security cve --list', description: 'List all CVEs' },
         { command: 'claude-flow security cve -c CVE-2024-1234', description: 'Check specific CVE' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var checkCve;
-        return __generator(this, function (_a) {
-            checkCve = ctx.flags.check;
+    action: async (ctx) => {
+        const checkCve = ctx.flags.check;
+        output.writeln();
+        output.writeln(output.bold('CVE Database'));
+        output.writeln(output.dim('─'.repeat(50)));
+        if (checkCve) {
+            output.printBox([
+                `CVE ID: ${checkCve}`,
+                `Severity: CRITICAL (9.8)`,
+                `Status: Active`,
+                ``,
+                `Description: Remote code execution vulnerability`,
+                `Affected: lodash < 4.17.21`,
+                `Fix: Upgrade to lodash >= 4.17.21`,
+                ``,
+                `References:`,
+                `  - https://nvd.nist.gov/vuln/detail/${checkCve}`,
+                `  - https://github.com/advisories`,
+            ].join('\n'), 'CVE Details');
+        }
+        else {
+            output.writeln(output.warning('⚠ No real CVE database configured. Showing example data.'));
+            output.writeln(output.dim('Run "npm audit" or "claude-flow security scan" for real vulnerability detection.'));
             output.writeln();
-            output.writeln(output.bold('CVE Database'));
-            output.writeln(output.dim('─'.repeat(50)));
-            if (checkCve) {
-                output.printBox([
-                    "CVE ID: " + checkCve,
-                    "Severity: CRITICAL (9.8)",
-                    "Status: Active",
-                    "",
-                    "Description: Remote code execution vulnerability",
-                    "Affected: lodash < 4.17.21",
-                    "Fix: Upgrade to lodash >= 4.17.21",
-                    "",
-                    "References:",
-                    "  - https://nvd.nist.gov/vuln/detail/" + checkCve,
-                    "  - https://github.com/advisories",
-                ].join('\n'), 'CVE Details');
-            }
-            else {
-                output.writeln(output.warning('⚠ No real CVE database configured. Showing example data.'));
-                output.writeln(output.dim('Run "npm audit" or "claude-flow security scan" for real vulnerability detection.'));
-                output.writeln();
-                output.printTable({
-                    columns: [
-                        { key: 'id', header: 'CVE ID (Example)', width: 22 },
-                        { key: 'severity', header: 'Severity', width: 12 },
-                        { key: 'package', header: 'Package', width: 20 },
-                        { key: 'status', header: 'Status', width: 15 },
-                    ],
-                    data: [
-                        { id: 'CVE-YYYY-NNNN', severity: output.error('CRITICAL'), package: 'example-pkg@1.0.0', status: output.warning('Example') },
-                        { id: 'CVE-YYYY-NNNN', severity: output.warning('HIGH'), package: 'example-pkg@2.0.0', status: output.success('Example') },
-                        { id: 'CVE-YYYY-NNNN', severity: output.info('MEDIUM'), package: 'example-pkg@3.0.0', status: output.success('Example') },
-                    ]
-                });
-            }
-            return [2 /*return*/, { success: true }];
-        });
-    }); }
+            output.printTable({
+                columns: [
+                    { key: 'id', header: 'CVE ID (Example)', width: 22 },
+                    { key: 'severity', header: 'Severity', width: 12 },
+                    { key: 'package', header: 'Package', width: 20 },
+                    { key: 'status', header: 'Status', width: 15 },
+                ],
+                data: [
+                    { id: 'CVE-YYYY-NNNN', severity: output.error('CRITICAL'), package: 'example-pkg@1.0.0', status: output.warning('Example') },
+                    { id: 'CVE-YYYY-NNNN', severity: output.warning('HIGH'), package: 'example-pkg@2.0.0', status: output.success('Example') },
+                    { id: 'CVE-YYYY-NNNN', severity: output.info('MEDIUM'), package: 'example-pkg@3.0.0', status: output.success('Example') },
+                ],
+            });
+        }
+        return { success: true };
+    },
 };
 // Threats subcommand
-var threatsCommand = {
+const threatsCommand = {
     name: 'threats',
     description: 'Threat modeling and analysis',
     options: [
-        { name: 'model', short: 'm', type: 'string', description: 'Threat model: stride, dread, pasta', "default": 'stride' },
-        { name: 'scope', short: 's', type: 'string', description: 'Analysis scope', "default": '.' },
+        { name: 'model', short: 'm', type: 'string', description: 'Threat model: stride, dread, pasta', default: 'stride' },
+        { name: 'scope', short: 's', type: 'string', description: 'Analysis scope', default: '.' },
         { name: 'export', short: 'e', type: 'string', description: 'Export format: json, md, html' },
     ],
     examples: [
         { command: 'claude-flow security threats --model stride', description: 'Run STRIDE analysis' },
         { command: 'claude-flow security threats -e md', description: 'Export as markdown' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var model;
-        return __generator(this, function (_a) {
-            model = ctx.flags.model || 'stride';
-            output.writeln();
-            output.writeln(output.bold("Threat Model: " + model.toUpperCase()));
-            output.writeln(output.dim('─'.repeat(50)));
-            output.printTable({
-                columns: [
-                    { key: 'category', header: 'Category', width: 20 },
-                    { key: 'threat', header: 'Threat', width: 30 },
-                    { key: 'risk', header: 'Risk', width: 10 },
-                    { key: 'mitigation', header: 'Mitigation', width: 30 },
-                ],
-                data: [
-                    { category: 'Spoofing', threat: 'API key theft', risk: output.error('High'), mitigation: 'Use secure key storage' },
-                    { category: 'Tampering', threat: 'Data manipulation', risk: output.warning('Medium'), mitigation: 'Input validation' },
-                    { category: 'Repudiation', threat: 'Action denial', risk: output.info('Low'), mitigation: 'Audit logging' },
-                    { category: 'Info Disclosure', threat: 'Data leakage', risk: output.error('High'), mitigation: 'Encryption at rest' },
-                    { category: 'DoS', threat: 'Resource exhaustion', risk: output.warning('Medium'), mitigation: 'Rate limiting' },
-                    { category: 'Elevation', threat: 'Privilege escalation', risk: output.error('High'), mitigation: 'RBAC implementation' },
-                ]
-            });
-            return [2 /*return*/, { success: true }];
+    action: async (ctx) => {
+        const model = ctx.flags.model || 'stride';
+        output.writeln();
+        output.writeln(output.bold(`Threat Model: ${model.toUpperCase()}`));
+        output.writeln(output.dim('─'.repeat(50)));
+        output.printTable({
+            columns: [
+                { key: 'category', header: 'Category', width: 20 },
+                { key: 'threat', header: 'Threat', width: 30 },
+                { key: 'risk', header: 'Risk', width: 10 },
+                { key: 'mitigation', header: 'Mitigation', width: 30 },
+            ],
+            data: [
+                { category: 'Spoofing', threat: 'API key theft', risk: output.error('High'), mitigation: 'Use secure key storage' },
+                { category: 'Tampering', threat: 'Data manipulation', risk: output.warning('Medium'), mitigation: 'Input validation' },
+                { category: 'Repudiation', threat: 'Action denial', risk: output.info('Low'), mitigation: 'Audit logging' },
+                { category: 'Info Disclosure', threat: 'Data leakage', risk: output.error('High'), mitigation: 'Encryption at rest' },
+                { category: 'DoS', threat: 'Resource exhaustion', risk: output.warning('Medium'), mitigation: 'Rate limiting' },
+                { category: 'Elevation', threat: 'Privilege escalation', risk: output.error('High'), mitigation: 'RBAC implementation' },
+            ],
         });
-    }); }
+        return { success: true };
+    },
 };
 // Audit subcommand
-var auditCommand = {
+const auditCommand = {
     name: 'audit',
     description: 'Security audit logging and compliance',
     options: [
-        { name: 'action', short: 'a', type: 'string', description: 'Action: log, list, export, clear', "default": 'list' },
-        { name: 'limit', short: 'l', type: 'number', description: 'Number of entries to show', "default": '20' },
+        { name: 'action', short: 'a', type: 'string', description: 'Action: log, list, export, clear', default: 'list' },
+        { name: 'limit', short: 'l', type: 'number', description: 'Number of entries to show', default: '20' },
         { name: 'filter', short: 'f', type: 'string', description: 'Filter by event type' },
     ],
     examples: [
         { command: 'claude-flow security audit --action list', description: 'List audit logs' },
         { command: 'claude-flow security audit -a export', description: 'Export audit trail' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var action, _a, existsSync, readFileSync, readdirSync, statSync, join, auditEntries, swarmDir, files, _i, _b, file, stat, ts, now;
-        return __generator(this, function (_c) {
-            switch (_c.label) {
-                case 0:
-                    action = ctx.flags.action || 'list';
-                    output.writeln();
-                    output.writeln(output.bold('Security Audit Log'));
-                    output.writeln(output.dim('─'.repeat(60)));
-                    return [4 /*yield*/, import('fs')];
-                case 1:
-                    _a = _c.sent(), existsSync = _a.existsSync, readFileSync = _a.readFileSync, readdirSync = _a.readdirSync, statSync = _a.statSync;
-                    return [4 /*yield*/, import('path')];
-                case 2:
-                    join = (_c.sent()).join;
-                    auditEntries = [];
-                    swarmDir = join(process.cwd(), '.swarm');
-                    // Check session files for real audit events
-                    if (existsSync(swarmDir)) {
-                        try {
-                            files = readdirSync(swarmDir).filter(function (f) { return f.endsWith('.json'); });
-                            for (_i = 0, _b = files.slice(-10); _i < _b.length; _i++) {
-                                file = _b[_i];
-                                try {
-                                    stat = statSync(join(swarmDir, file));
-                                    ts = stat.mtime.toISOString().replace('T', ' ').substring(0, 19);
-                                    auditEntries.push({
-                                        timestamp: ts,
-                                        event: file.includes('session') ? 'SESSION_UPDATE' :
-                                            file.includes('swarm') ? 'SWARM_ACTIVITY' :
-                                                file.includes('memory') ? 'MEMORY_WRITE' : 'CONFIG_CHANGE',
-                                        user: 'system',
-                                        status: output.success('Success')
-                                    });
-                                }
-                                catch ( /* skip */_d) { /* skip */ }
-                            }
-                        }
-                        catch ( /* ignore */_e) { /* ignore */ }
-                    }
-                    now = new Date().toISOString().replace('T', ' ').substring(0, 19);
-                    auditEntries.push({ timestamp: now, event: 'AUDIT_RUN', user: 'cli', status: output.success('Success') });
-                    // Sort by timestamp desc
-                    auditEntries.sort(function (a, b) { return b.timestamp.localeCompare(a.timestamp); });
-                    if (auditEntries.length === 0) {
-                        output.writeln(output.dim('No audit events found. Initialize a project first: claude-flow init'));
-                    }
-                    else {
-                        output.printTable({
-                            columns: [
-                                { key: 'timestamp', header: 'Timestamp', width: 22 },
-                                { key: 'event', header: 'Event', width: 20 },
-                                { key: 'user', header: 'User', width: 15 },
-                                { key: 'status', header: 'Status', width: 12 },
-                            ],
-                            data: auditEntries.slice(0, parseInt(ctx.flags.limit || '20', 10))
+    action: async (ctx) => {
+        const action = ctx.flags.action || 'list';
+        output.writeln();
+        output.writeln(output.bold('Security Audit Log'));
+        output.writeln(output.dim('─'.repeat(60)));
+        // Generate real audit entries from .swarm/ state and session history
+        const { existsSync, readFileSync, readdirSync, statSync } = await import('fs');
+        const { join } = await import('path');
+        const auditEntries = [];
+        const swarmDir = join(process.cwd(), '.swarm');
+        // Check session files for real audit events
+        if (existsSync(swarmDir)) {
+            try {
+                const files = readdirSync(swarmDir).filter(f => f.endsWith('.json'));
+                for (const file of files.slice(-10)) {
+                    try {
+                        const stat = statSync(join(swarmDir, file));
+                        const ts = stat.mtime.toISOString().replace('T', ' ').substring(0, 19);
+                        auditEntries.push({
+                            timestamp: ts,
+                            event: file.includes('session') ? 'SESSION_UPDATE' :
+                                file.includes('swarm') ? 'SWARM_ACTIVITY' :
+                                    file.includes('memory') ? 'MEMORY_WRITE' : 'CONFIG_CHANGE',
+                            user: 'system',
+                            status: output.success('Success')
                         });
                     }
-                    return [2 /*return*/, { success: true }];
+                    catch { /* skip */ }
+                }
             }
-        });
-    }); }
+            catch { /* ignore */ }
+        }
+        // Add current session entry
+        const now = new Date().toISOString().replace('T', ' ').substring(0, 19);
+        auditEntries.push({ timestamp: now, event: 'AUDIT_RUN', user: 'cli', status: output.success('Success') });
+        // Sort by timestamp desc
+        auditEntries.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
+        if (auditEntries.length === 0) {
+            output.writeln(output.dim('No audit events found. Initialize a project first: claude-flow init'));
+        }
+        else {
+            output.printTable({
+                columns: [
+                    { key: 'timestamp', header: 'Timestamp', width: 22 },
+                    { key: 'event', header: 'Event', width: 20 },
+                    { key: 'user', header: 'User', width: 15 },
+                    { key: 'status', header: 'Status', width: 12 },
+                ],
+                data: auditEntries.slice(0, parseInt(ctx.flags.limit || '20', 10)),
+            });
+        }
+        return { success: true };
+    },
 };
 // Secrets subcommand
-var secretsCommand = {
+const secretsCommand = {
     name: 'secrets',
     description: 'Detect and manage secrets in codebase',
     options: [
-        { name: 'action', short: 'a', type: 'string', description: 'Action: scan, list, rotate', "default": 'scan' },
-        { name: 'path', short: 'p', type: 'string', description: 'Path to scan', "default": '.' },
+        { name: 'action', short: 'a', type: 'string', description: 'Action: scan, list, rotate', default: 'scan' },
+        { name: 'path', short: 'p', type: 'string', description: 'Path to scan', default: '.' },
         { name: 'ignore', short: 'i', type: 'string', description: 'Patterns to ignore' },
     ],
     examples: [
         { command: 'claude-flow security secrets --action scan', description: 'Scan for secrets' },
         { command: 'claude-flow security secrets -a rotate', description: 'Rotate compromised secrets' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var path, spinner;
-        return __generator(this, function (_a) {
-            switch (_a.label) {
-                case 0:
-                    path = ctx.flags.path || '.';
-                    output.writeln();
-                    output.writeln(output.bold('Secret Detection'));
-                    output.writeln(output.dim('─'.repeat(50)));
-                    spinner = output.createSpinner({ text: 'Scanning for secrets...', spinner: 'dots' });
-                    spinner.start();
-                    return [4 /*yield*/, new Promise(function (r) { return setTimeout(r, 800); })];
-                case 1:
-                    _a.sent();
-                    spinner.succeed('Scan complete');
-                    output.writeln();
-                    output.writeln(output.warning('⚠ No real secrets scan performed. Showing example findings.'));
-                    output.writeln(output.dim('Run "claude-flow security scan --depth full" for real secret detection.'));
-                    output.writeln();
-                    output.printTable({
-                        columns: [
-                            { key: 'type', header: 'Secret Type (Example)', width: 25 },
-                            { key: 'location', header: 'Location', width: 30 },
-                            { key: 'risk', header: 'Risk', width: 12 },
-                            { key: 'action', header: 'Recommended', width: 20 },
-                        ],
-                        data: [
-                            { type: 'AWS Access Key', location: 'example/config.ts:15', risk: output.error('Critical'), action: 'Rotate immediately' },
-                            { type: 'GitHub Token', location: 'example/.env:8', risk: output.warning('High'), action: 'Remove from repo' },
-                            { type: 'JWT Secret', location: 'example/auth.ts:42', risk: output.warning('High'), action: 'Use env variable' },
-                            { type: 'DB Password', location: 'example/compose.yml:23', risk: output.warning('Medium'), action: 'Use secrets mgmt' },
-                        ]
-                    });
-                    return [2 /*return*/, { success: true }];
-            }
+    action: async (ctx) => {
+        const path = ctx.flags.path || '.';
+        output.writeln();
+        output.writeln(output.bold('Secret Detection'));
+        output.writeln(output.dim('─'.repeat(50)));
+        const spinner = output.createSpinner({ text: 'Scanning for secrets...', spinner: 'dots' });
+        spinner.start();
+        await new Promise(r => setTimeout(r, 800));
+        spinner.succeed('Scan complete');
+        output.writeln();
+        output.writeln(output.warning('⚠ No real secrets scan performed. Showing example findings.'));
+        output.writeln(output.dim('Run "claude-flow security scan --depth full" for real secret detection.'));
+        output.writeln();
+        output.printTable({
+            columns: [
+                { key: 'type', header: 'Secret Type (Example)', width: 25 },
+                { key: 'location', header: 'Location', width: 30 },
+                { key: 'risk', header: 'Risk', width: 12 },
+                { key: 'action', header: 'Recommended', width: 20 },
+            ],
+            data: [
+                { type: 'AWS Access Key', location: 'example/config.ts:15', risk: output.error('Critical'), action: 'Rotate immediately' },
+                { type: 'GitHub Token', location: 'example/.env:8', risk: output.warning('High'), action: 'Remove from repo' },
+                { type: 'JWT Secret', location: 'example/auth.ts:42', risk: output.warning('High'), action: 'Use env variable' },
+                { type: 'DB Password', location: 'example/compose.yml:23', risk: output.warning('Medium'), action: 'Use secrets mgmt' },
+            ],
         });
-    }); }
+        return { success: true };
+    },
 };
 // Defend subcommand (AIDefence integration)
-var defendCommand = {
+const defendCommand = {
     name: 'defend',
     description: 'AI manipulation defense - detect prompt injection, jailbreaks, and PII',
     options: [
         { name: 'input', short: 'i', type: 'string', description: 'Input text to scan for threats' },
         { name: 'file', short: 'f', type: 'string', description: 'File to scan for threats' },
         { name: 'quick', short: 'Q', type: 'boolean', description: 'Quick scan (faster, less detailed)' },
-        { name: 'learn', short: 'l', type: 'boolean', description: 'Enable learning mode', "default": 'true' },
+        { name: 'learn', short: 'l', type: 'boolean', description: 'Enable learning mode', default: 'true' },
         { name: 'stats', short: 's', type: 'boolean', description: 'Show detection statistics' },
-        { name: 'output', short: 'o', type: 'string', description: 'Output format: text, json', "default": 'text' },
+        { name: 'output', short: 'o', type: 'string', description: 'Output format: text, json', default: 'text' },
     ],
     examples: [
         { command: 'claude-flow security defend -i "ignore previous instructions"', description: 'Scan text for threats' },
         { command: 'claude-flow security defend -f ./prompts.txt', description: 'Scan file for threats' },
         { command: 'claude-flow security defend --stats', description: 'Show detection statistics' },
     ],
-    action: function (ctx) { return __awaiter(void 0, void 0, Promise, function () {
-        var inputText, filePath, quickMode, showStats, outputFormat, enableLearning, createAIDefence, aidefence, _a, defender, stats, textToScan, fs, err_1, spinner, startTime, result, _b, scanTime, _i, _c, threat, severityColor, criticalThreats, _d, criticalThreats_1, threat, mitigation;
-        return __generator(this, function (_e) {
-            switch (_e.label) {
-                case 0:
-                    inputText = ctx.flags.input;
-                    filePath = ctx.flags.file;
-                    quickMode = ctx.flags.quick;
-                    showStats = ctx.flags.stats;
-                    outputFormat = ctx.flags.output || 'text';
-                    enableLearning = ctx.flags.learn !== false;
-                    output.writeln();
-                    output.writeln(output.bold('🛡️ AIDefence - AI Manipulation Defense System'));
-                    output.writeln(output.dim('─'.repeat(55)));
-                    _e.label = 1;
-                case 1:
-                    _e.trys.push([1, 3, , 4]);
-                    return [4 /*yield*/, import('@claude-flow/aidefence')];
-                case 2:
-                    aidefence = _e.sent();
-                    createAIDefence = aidefence.createAIDefence;
-                    return [3 /*break*/, 4];
-                case 3:
-                    _a = _e.sent();
-                    output.error('AIDefence package not installed. Run: npm install @claude-flow/aidefence');
-                    return [2 /*return*/, { success: false, message: 'AIDefence not available' }];
-                case 4:
-                    defender = createAIDefence({ enableLearning: enableLearning });
-                    if (!showStats) return [3 /*break*/, 6];
-                    return [4 /*yield*/, defender.getStats()];
-                case 5:
-                    stats = _e.sent();
-                    output.writeln();
-                    output.printBox([
-                        "Detection Count: " + stats.detectionCount,
-                        "Avg Detection Time: " + stats.avgDetectionTimeMs.toFixed(3) + "ms",
-                        "Learned Patterns: " + stats.learnedPatterns,
-                        "Mitigation Strategies: " + stats.mitigationStrategies,
-                        "Avg Mitigation Effectiveness: " + (stats.avgMitigationEffectiveness * 100).toFixed(1) + "%",
-                    ].join('\n'), 'Detection Statistics');
-                    return [2 /*return*/, { success: true }];
-                case 6:
-                    textToScan = inputText;
-                    if (!filePath) return [3 /*break*/, 11];
-                    _e.label = 7;
-                case 7:
-                    _e.trys.push([7, 10, , 11]);
-                    return [4 /*yield*/, import('fs/promises')];
-                case 8:
-                    fs = _e.sent();
-                    return [4 /*yield*/, fs.readFile(filePath, 'utf-8')];
-                case 9:
-                    textToScan = _e.sent();
-                    output.writeln(output.dim("Reading file: " + filePath));
-                    return [3 /*break*/, 11];
-                case 10:
-                    err_1 = _e.sent();
-                    output.error("Failed to read file: " + filePath);
-                    return [2 /*return*/, { success: false, message: 'File not found' }];
-                case 11:
-                    if (!textToScan) {
-                        output.writeln('Usage: claude-flow security defend -i "<text>" or -f <file>');
-                        output.writeln();
-                        output.writeln('Options:');
-                        output.printList([
-                            '-i, --input   Text to scan for AI manipulation attempts',
-                            '-f, --file    File path to scan',
-                            '-q, --quick   Quick scan mode (faster)',
-                            '-s, --stats   Show detection statistics',
-                            '--learn       Enable pattern learning (default: true)',
-                        ]);
-                        return [2 /*return*/, { success: true }];
-                    }
-                    spinner = output.createSpinner({ text: 'Scanning for threats...', spinner: 'dots' });
-                    spinner.start();
-                    startTime = performance.now();
-                    if (!quickMode) return [3 /*break*/, 12];
-                    _b = __assign(__assign({}, defender.quickScan(textToScan)), { threats: [], piiFound: false, detectionTimeMs: 0, inputHash: '', safe: !defender.quickScan(textToScan).threat });
-                    return [3 /*break*/, 14];
-                case 12: return [4 /*yield*/, defender.detect(textToScan)];
-                case 13:
-                    _b = _e.sent();
-                    _e.label = 14;
-                case 14:
-                    result = _b;
-                    scanTime = performance.now() - startTime;
-                    spinner.stop();
-                    // JSON output
-                    if (outputFormat === 'json') {
-                        output.writeln(JSON.stringify({
-                            safe: result.safe,
-                            threats: result.threats || [],
-                            piiFound: result.piiFound,
-                            detectionTimeMs: scanTime
-                        }, null, 2));
-                        return [2 /*return*/, { success: true }];
-                    }
-                    // Text output
-                    output.writeln();
-                    if (!(result.safe && !result.piiFound)) return [3 /*break*/, 15];
-                    output.writeln(output.success('✅ No threats detected'));
-                    return [3 /*break*/, 21];
-                case 15:
-                    if (!(!result.safe && result.threats)) return [3 /*break*/, 20];
-                    output.writeln(output.error("\u26A0\uFE0F " + result.threats.length + " threat(s) detected:"));
+    action: async (ctx) => {
+        const inputText = ctx.flags.input;
+        const filePath = ctx.flags.file;
+        const quickMode = ctx.flags.quick;
+        const showStats = ctx.flags.stats;
+        const outputFormat = ctx.flags.output || 'text';
+        const enableLearning = ctx.flags.learn !== false;
+        output.writeln();
+        output.writeln(output.bold('🛡️ AIDefence - AI Manipulation Defense System'));
+        output.writeln(output.dim('─'.repeat(55)));
+        // Dynamic import of aidefence (allows package to be optional)
+        let createAIDefence;
+        try {
+            const aidefence = await import('@claude-flow/aidefence');
+            createAIDefence = aidefence.createAIDefence;
+        }
+        catch {
+            output.error('AIDefence package not installed. Run: npm install @claude-flow/aidefence');
+            return { success: false, message: 'AIDefence not available' };
+        }
+        const defender = createAIDefence({ enableLearning });
+        // Show stats mode
+        if (showStats) {
+            const stats = await defender.getStats();
+            output.writeln();
+            output.printBox([
+                `Detection Count: ${stats.detectionCount}`,
+                `Avg Detection Time: ${stats.avgDetectionTimeMs.toFixed(3)}ms`,
+                `Learned Patterns: ${stats.learnedPatterns}`,
+                `Mitigation Strategies: ${stats.mitigationStrategies}`,
+                `Avg Mitigation Effectiveness: ${(stats.avgMitigationEffectiveness * 100).toFixed(1)}%`,
+            ].join('\n'), 'Detection Statistics');
+            return { success: true };
+        }
+        // Get input to scan
+        let textToScan = inputText;
+        if (filePath) {
+            try {
+                const fs = await import('fs/promises');
+                textToScan = await fs.readFile(filePath, 'utf-8');
+                output.writeln(output.dim(`Reading file: ${filePath}`));
+            }
+            catch (err) {
+                output.error(`Failed to read file: ${filePath}`);
+                return { success: false, message: 'File not found' };
+            }
+        }
+        if (!textToScan) {
+            output.writeln('Usage: claude-flow security defend -i "<text>" or -f <file>');
+            output.writeln();
+            output.writeln('Options:');
+            output.printList([
+                '-i, --input   Text to scan for AI manipulation attempts',
+                '-f, --file    File path to scan',
+                '-q, --quick   Quick scan mode (faster)',
+                '-s, --stats   Show detection statistics',
+                '--learn       Enable pattern learning (default: true)',
+            ]);
+            return { success: true };
+        }
+        const spinner = output.createSpinner({ text: 'Scanning for threats...', spinner: 'dots' });
+        spinner.start();
+        // Perform scan
+        const startTime = performance.now();
+        const result = quickMode
+            ? { ...defender.quickScan(textToScan), threats: [], piiFound: false, detectionTimeMs: 0, inputHash: '', safe: !defender.quickScan(textToScan).threat }
+            : await defender.detect(textToScan);
+        const scanTime = performance.now() - startTime;
+        spinner.stop();
+        // JSON output
+        if (outputFormat === 'json') {
+            output.writeln(JSON.stringify({
+                safe: result.safe,
+                threats: result.threats || [],
+                piiFound: result.piiFound,
+                detectionTimeMs: scanTime,
+            }, null, 2));
+            return { success: true };
+        }
+        // Text output
+        output.writeln();
+        if (result.safe && !result.piiFound) {
+            output.writeln(output.success('✅ No threats detected'));
+        }
+        else {
+            if (!result.safe && result.threats) {
+                output.writeln(output.error(`⚠️ ${result.threats.length} threat(s) detected:`));
+                output.writeln();
+                for (const threat of result.threats) {
+                    const severityColor = {
+                        critical: output.error,
+                        high: output.warning,
+                        medium: output.info,
+                        low: output.dim,
+                    }[threat.severity] || output.dim;
+                    output.writeln(`  ${severityColor(`[${threat.severity.toUpperCase()}]`)} ${threat.type}`);
+                    output.writeln(`    ${output.dim(threat.description)}`);
+                    output.writeln(`    Confidence: ${(threat.confidence * 100).toFixed(1)}%`);
                     output.writeln();
-                    for (_i = 0, _c = result.threats; _i < _c.length; _i++) {
-                        threat = _c[_i];
-                        severityColor = {
-                            critical: output.error,
-                            high: output.warning,
-                            medium: output.info,
-                            low: output.dim
-                        }[threat.severity] || output.dim;
-                        output.writeln("  " + severityColor("[" + threat.severity.toUpperCase() + "]") + " " + threat.type);
-                        output.writeln("    " + output.dim(threat.description));
-                        output.writeln("    Confidence: " + (threat.confidence * 100).toFixed(1) + "%");
-                        output.writeln();
-                    }
-                    criticalThreats = result.threats.filter(function (t) { return t.severity === 'critical'; });
-                    if (!(criticalThreats.length > 0 && enableLearning)) return [3 /*break*/, 20];
+                }
+                // Show mitigation recommendations
+                const criticalThreats = result.threats.filter(t => t.severity === 'critical');
+                if (criticalThreats.length > 0 && enableLearning) {
                     output.writeln(output.bold('Recommended Mitigations:'));
-                    _d = 0, criticalThreats_1 = criticalThreats;
-                    _e.label = 16;
-                case 16:
-                    if (!(_d < criticalThreats_1.length)) return [3 /*break*/, 19];
-                    threat = criticalThreats_1[_d];
-                    return [4 /*yield*/, defender.getBestMitigation(threat.type)];
-                case 17:
-                    mitigation = _e.sent();
-                    if (mitigation) {
-                        output.writeln("  " + threat.type + ": " + output.bold(mitigation.strategy) + " (" + (mitigation.effectiveness * 100).toFixed(0) + "% effective)");
+                    for (const threat of criticalThreats) {
+                        const mitigation = await defender.getBestMitigation(threat.type);
+                        if (mitigation) {
+                            output.writeln(`  ${threat.type}: ${output.bold(mitigation.strategy)} (${(mitigation.effectiveness * 100).toFixed(0)}% effective)`);
+                        }
                     }
-                    _e.label = 18;
-                case 18:
-                    _d++;
-                    return [3 /*break*/, 16];
-                case 19:
                     output.writeln();
-                    _e.label = 20;
-                case 20:
-                    if (result.piiFound) {
-                        output.writeln(output.warning('⚠️ PII detected (emails, SSNs, API keys, etc.)'));
-                        output.writeln();
-                    }
-                    _e.label = 21;
-                case 21:
-                    output.writeln(output.dim("Detection time: " + scanTime.toFixed(3) + "ms"));
-                    return [2 /*return*/, { success: result.safe }];
+                }
             }
-        });
-    }); }
+            if (result.piiFound) {
+                output.writeln(output.warning('⚠️ PII detected (emails, SSNs, API keys, etc.)'));
+                output.writeln();
+            }
+        }
+        output.writeln(output.dim(`Detection time: ${scanTime.toFixed(3)}ms`));
+        return { success: result.safe };
+    },
 };
 // Main security command
-export var securityCommand = {
+export const securityCommand = {
     name: 'security',
     description: 'Security scanning, CVE detection, threat modeling, AI defense',
     subcommands: [scanCommand, cveCommand, threatsCommand, auditCommand, secretsCommand, defendCommand],
@@ -702,28 +581,26 @@ export var securityCommand = {
         { command: 'claude-flow security cve --list', description: 'List known CVEs' },
         { command: 'claude-flow security threats', description: 'Run threat analysis' },
     ],
-    action: function () { return __awaiter(void 0, void 0, Promise, function () {
-        return __generator(this, function (_a) {
-            output.writeln();
-            output.writeln(output.bold('RuFlo Security Suite'));
-            output.writeln(output.dim('Comprehensive security scanning and vulnerability management'));
-            output.writeln();
-            output.writeln('Subcommands:');
-            output.printList([
-                'scan     - Run security scans on code, deps, containers',
-                'cve      - Check and manage CVE vulnerabilities',
-                'threats  - Threat modeling (STRIDE, DREAD, PASTA)',
-                'audit    - Security audit logging and compliance',
-                'secrets  - Detect and manage secrets in codebase',
-                'defend   - AI manipulation defense (prompt injection, jailbreaks, PII)',
-            ]);
-            output.writeln();
-            output.writeln('Use --help with subcommands for more info');
-            output.writeln();
-            output.writeln(output.dim('Created with ❤️ by ruv.io'));
-            return [2 /*return*/, { success: true }];
-        });
-    }); }
+    action: async () => {
+        output.writeln();
+        output.writeln(output.bold('RuFlo Security Suite'));
+        output.writeln(output.dim('Comprehensive security scanning and vulnerability management'));
+        output.writeln();
+        output.writeln('Subcommands:');
+        output.printList([
+            'scan     - Run security scans on code, deps, containers',
+            'cve      - Check and manage CVE vulnerabilities',
+            'threats  - Threat modeling (STRIDE, DREAD, PASTA)',
+            'audit    - Security audit logging and compliance',
+            'secrets  - Detect and manage secrets in codebase',
+            'defend   - AI manipulation defense (prompt injection, jailbreaks, PII)',
+        ]);
+        output.writeln();
+        output.writeln('Use --help with subcommands for more info');
+        output.writeln();
+        output.writeln(output.dim('Created with ❤️ by ruv.io'));
+        return { success: true };
+    },
 };
 export default securityCommand;
 //# sourceMappingURL=security.js.map